$170K of Stolen Ethereum Traced to North Korean Hackers

Blockchain ana­lyt­ics firm Chainal­y­sis has iden­ti­fied an address asso­ci­at­ed with pre­vi­ous North Kore­an hacks that received approx­i­mate­ly $170,000 worth of Ethereum stolen in the recent $200 mil­lion hack of Euler Finance.

The Euler Finance hack is the largest of its kind in 2023. The bad actors man­aged to pull off a flash loan attack by tak­ing advan­tage of the lack of col­lat­er­al­iza­tion in flash loans to bor­row large amounts of funds. This made it pos­si­ble to manip­u­late token prices.

Chainal­y­sis has iden­ti­fied two pri­ma­ry on-chain enti­ties involved in the hack: a front-run­ning MEV (Min­er Extractable Val­ue) bot and the hack­er’s pri­ma­ry per­son­al wallet.

The indi­vid­ual who infil­trat­ed the sys­tem was pro­vid­ed with ini­tial finan­cial sup­port by Tor­na­do Cash, a mix­er that had been sanc­tioned, to cov­er the costs of gas fees and to con­struct the con­tracts that were uti­lized in the attack.

After that, they ini­ti­at­ed a flash loan, which made it pos­si­ble for them to bor­row $30 mil­lion in DAI from the Aave protocol.

After the hack was com­plete, the hack­er moved some of the funds back to Tor­na­do Cash.

The con­nec­tion to North Kore­an hack­ers was made when Chainal­y­sis dis­cov­ered that approx­i­mate­ly $170,000 worth of Ethereum stolen in the Euler Finance hack was sent to an address pre­vi­ous­ly asso­ci­at­ed with North Kore­an hack­ing activities.

The involve­ment of North Kore­an hack­ers in the Euler Finance hack high­lights the grow­ing threat of cyber­crime in the DeFi space.

As report­ed by U.Today, South Korea has imposed its first-ever cryp­to-relat­ed sanc­tions on North Korea due to the lat­ter’s cryp­tocur­ren­cy crimes.

North Kore­an hack­ers were respon­si­ble for the major­i­ty of cryp­to hack­ing activ­i­ty in 2022, steal­ing $3.8 bil­lion, with decen­tral­ized finance pro­to­cols account­ing for most of the losses.